Cross site scripting

2020-04-1203:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.

CPENameOperatorVersion
provide_ftp_serverle13.1

CPE	Name	Operator	Version
	provide_ftp_server	le	13.1

References

github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Multiple%20Cross-Site-Scripting

www.provideserver.com/security/